Limiting Security Risks with a Document Viewer

Are there security advantages to an alternate viewer, for example Prizm Content Connect or Prizm Cloud Connect?

Security is on everyone’s mind these days, and if it isn’t it should be.  It is certainly on Oracle’s mind as they have had a lot of Java vulnerabilities reported in the last few months. Microsoft also released their largest ever Patch Tuesday to address 57 different vulnerabilities in some of their top products.  Both of these companies are top tier vendors and have millions of installed applications.  Having that kind of install base makes them prime targets.  A reasonable question then might be “Are there security advantages if I went with someone else?”  I’ll explore this question in relation to PDF and document viewers.

The first thing to realize about a “PDF vulnerability” or a “Word vulnerability” is that this is actually shorthand for “A vulnerability in application X when acting on files of type Y” where Y happens to be a PDF or Word document.  An in-the-wild exploit that uses a PDF vulnerability must target a specific application, usually Adobe Acrobat Reader, and usually it targets a specific version.  This means that if you are viewing a malicious PDF targeted at Adobe Acrobat Reader with Prizm Content Connect, or Prizm Cloud Connect then this file will most likely fail to render instead of running malicious code.  This is not a new idea, this is Security through Minority.  This is the idea that an attacker has limited time and is trying to extract maximum value out of that time and so they will target the most widespread applications.  While this might be true in the general case, it might not be true in the targeted case.  The number one prediction from Kaspersky Lab’s Security Bulletin 2012 is that targeted attacks and cyber-espionage are on the rise, so it’s something to consider.

The next thing to think about is where the file is parsed and rendered.  Where is code executing that the attacker can influence?  In client based viewers the file is parsed and rendered on the client machine.  This means that each machine needs to follow security best practices.  Each machine needs to apply the latest security patches.  Is it easy to roll-out company wide updates to a viewer?  With the Prizm Content Connect and Prizm Cloud Connect architecture the file parsing happens on a back-end server.  If you are using our latest HTML5 based viewer only a PNG file is sent to the client.  This means that you can focus your security efforts on the back-end server.  A back-end server can reduce its attack surface by running with very limited accounts and having very few applications installed.  It gives you a single place to add monitoring and auditing of activity.   It is much easier to manage security updates and hardening for a single machine than for the 100s or 1,000s of client machines your organization might have.  Especially when you consider the rise of BYOD (Bring Your Own Device).

As with any security policy it is not always easy to see what is an advantage or not for a particular organization.  These two aspects are certainly security considerations, can they be turned into security advantages for your organization?

Source: http://blog.accusoft.com/posts/2013/february/limiting-security-risks-with-a-document-viewer.html

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s